[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

VanL van.lindberg at gmail.com
Tue Feb 11 04:54:58 UTC 2020


I definitely want to hear any concerns... but I will also note that the
crypto portions of the license were reviewed by a number of people who are
expert in that space and they approved.

My best guess is that you are concerned that this requires the disclosure
of user-specific keys, and so you think that means that traditional crypto
which relies on a private key or private cert would need to be disclosed.
This is incorrect.

The difference is between user keys and system keys. User keys form the
basis of a user's identity and control over computation or data. Under the
license, they must be controlled by the user alone.

System keys, however, used for things like TLS and SSH, are not User Data
within the scope of that term. They may be kept confidential and secure.

Thanks,
Van

__________________________
Van Lindberg
van.lindberg at gmail.com
m: 214.364.7985

On Mon, Feb 10, 2020, 7:17 PM Christopher Lemmer Webber <
cwebber at dustycloud.org> wrote:

> Josh Berkus writes:
>
> > On 1/7/20 11:00 AM, Pamela Chestek wrote:
> >> The discussion is still active so it will not be considered at the next
> >> Board meeting, which is this Friday. The soonest would be the February
> >> Board meeting.
> >
> > So, it's been a month since there's been any discussion about the CAL.
> > Pamela, can we take a poll of how people feel about the license?
> > Pass/Reject/MoreDiscussionNeeded?
>
> I'm not very sure if I'm in the right place to state this, but I'd say
> "Reject" or at least "MoreDiscussionNeeded".  I believe there are very
> serious problems in the license that will (ironically, due to its name)
> prevent the ability to have safely private networks on cryptographically
> secure peer to peer networks.  I believe I can demonstrate the privacy
> risks, and spend most of tomorrow doing a detailed and longer writeup
> about my concerns.  Note that I don't think it's any malicious intention
> of the author to introduce these problems; I think Van is acting in good
> faith and interest there, but nonetheless I think the concerns exist and
> are very grave, if I understand correctly.
>
> If I am going to air them before the board meeting, am I doing it in the
> right place here?  If so, I will follow up on the thread here tomorrow.
>
>  - Chris
>
> PS: I'm sorry I haven't aired my very serious concerns earlier.  Van
> asked me personally to review at last year's CopyleftConf and I never
> got around to writing up my thoughts.  I regret that, and wish I had
> done so sooner... maybe I could have prevented a lot of trouble.
> Nonetheless I think it's important that I write them up now; I'm
> guessing we're in the "speak now or forever hold your peace" moment
> though, so I'm trying to articulate my concerns before it's too late.